Re: VoIP,Firewall, NAT, GateKeeper, ...
Hello,
Have you tried irc ? Damien SANDRAS the main developper of GM is often there
in the evening (CET Belgian). I solved my problems like this.
It seems a recurrent question...
PS: Damien also speaks french.
On Wed, Jan 29, 2003 at 03:57:08PM -0500, Dominique Fortier wrote:
> Helo list,
>
> I hope everything goes fine for you.
> Me, I'm fine thank you although I have this small problem.
>
> I have have a small GNU/Linux Debian Woody (stable) firewall with a fix
> IP and a class C private network (192.168.0.0) that has another woody
> (cyrus-imap server) and a Sarge (my "Work/Play"Station). On the
> firewall, every debs are from the stable tree except for the kernel, its
> a 2.4.20+debianlogo+ipsec+grsec+preempt, shorewall, its at 1.3.11a and
> webmin, which has been upgraded using www.webmin.net website thru webmin
> upgrade.
>
> It is working fine, highly stable. I am even making some money out of
> this setup. I use Vtun for Woody to Woody VPN's (redundancy+very easy
> to implement) and I'll soon offer IPSec VPN's to supported and policy
> accepted remote M$ computers.
>
> Oh and by the way, excuse my french.
>
> Everything in my life was wonderfull until I started to "play" with VoIP
> software, wich is something I had in mind a while ago.
>
> Reading an article from the January 2003 edition of the Linux Journal, I
> installed GnomeMeeting-0.12 from the stable tree on my workstation and
> did a test with a girlfriend who hooked her laptop to my LAN and
> installed and configured NetMeeting. It was wonderfull, audio was
> crystal clear and configuration was done on both side by a couple of
> Click, Click, Next, Click, Click, Finish !
>
> I knew that in order to get it working from my LAN with people using
> h323 clients on different platform on the Internet, it would require
> more that a couple of clicks. I have read the rest of the article, h323
> NAT patch, RSIP, blablabla.
>
> First thing I tried was to forward the required ports from the web to my
> "Work/Play"Station and NAT everything from the LAN to the NET. Without
> applying any h323nat_conntrack or RSIP patch.
>
> Rules and policy from shorewall 1.3.11a :
> #policy
> loc net ACCEPT
>
> #rules
>
> ACCEPT:info net loc:192.168.0.100 tcp 1503,1720,30000:30010 - all
> ACCEPT:info net loc:192.168.0.100 udp 5000:5003 - all
>
> >From there, connection goes ok in both direction but there is no sound.
> The remote endpoint is using Win95+netmeetin 3.01 SP2 and had it working
> with another user with M$ netmeeting. Both were using dial-up
> connection on their pc.
>
> So I continued on reading, looking for a solution that would allow me to
> provide secure, if possible proxyed connection. Something like
> openh323gk seemed to provide the solution. Installed it, configured
> both wks, but again, no success. Then I found out I would need version
> 2.0.2 in order to support proxy mode.
>
> They even provide wath they call debs (sid debs) on theire site. And
> sid has them also. But it doesnt install on neither Woody or Sarge.
> Does not compile also, requires many unstable libs.
>
> I tried with the staticaly link gnugk, but it asks for libstdc++.so.5!!!
> libstdc++.so.5 !?!?!?!
>
> I've browse to their mailling list with no success, undreds of questions
> with only a couple of dozen answers, most of them are just saying :
> RTFM, wich I did but did'nt fully understood yet.
>
> I'll stop rigth here cause I could continue for hours !
>
>
> My questions :
>
> 1- Is it possible to provide VoIP between people in a LAN and people on
> the net in proxy mode ? i.e. People from the net register on the
> gatekeeper, and ask the gatekeeper to establish a connection with a user
> in the LAN. And vice-versa.
>
> 1.2- If yes, can it be done with Woody ?
>
> 2- Is there any alternative in order to provide VoIP between
> heterogeneous platform, clients and server ? Voxila, GnoPhone, GNUComm?
> Wich one is best for now and in the future ?
>
> 3- If I am not mistaking, all this can easily be solved by using stable
> openh323gk thru a vpn between remote internet users and the LAN, Am I
> rigth ?
>
> 3.1- If thats the case, what is gona be the performance cost using VoIP
> thru IPSec with 56k connection users ?
>
> This is gona be fun !
> Thanks in advance !
> I apologize for the length but I am not the two sentence "I can't make
> this work !" poster.
>
> Yesterday, I new @$^&[ about all that jazz !
> Today all that @$^&[ is in my head !
> And I can't make any Jazz out of it !
>
> @+ les aminches !
>
> Dominique Fortier
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: